Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

POST data encryption - Is HTTPS enough?

Tags:

post

security

php

https

ssl

Consider a scenario, where user authentication (username and password) is entered by the user in the page's form element, which is then submitted. The POST data is sent via HTTPS to a new page (where the php code will check for the credentials). Now if a hacker sits in the network, and say has access to all the traffic, is the Application layer security (HTTPS) enough in this case ? I mean, would there be adequate URL encryption or is there a need to have Transport Layer security ?

like image 518
Hari Avatar asked Mar 15 '11 09:03

Hari

People also ask

Is HTTPS enough for encryption?

HTTPS over SSL/TLS is designed to provide encryption in transit. Since communication between a browser and website server (with a secure certificate) is in an encrypted format, the data packets in transit cannot be tampered with or read even if they are intercepted.

Does HTTPS encrypt post data?

HTTPS encrypts nearly all information sent between a client and a web service.

How secure is HTTPS POST request?

HTTPS is HTTP with encryption and verification. The only difference between the two protocols is that HTTPS uses TLS (SSL) to encrypt normal HTTP requests and responses, and to digitally sign those requests and responses. As a result, HTTPS is far more secure than HTTP.

Is HTTPS 100% secure?

Just because a website has a certificate, or starts with HTTPS, does not guarantee that it is 100% secure and free from malicious code. It just means that the website is probably safe. In the vast majority of cases the sites will be. Just not always.

2 Answers

Yes, everything (including the URL) is going through the encrypted channel. The only thing that the villain would find out is the IP address of the server you are connecting to, and that you are using HTTPS.

Well, if he was monitoring your DNS requests as well, he might also know the domain name of the IP address. But just that, the path, query parameters, and everything else is encrypted.

like image 89
Vilx- Avatar answered Sep 18 '22 00:09

Vilx-

Yes. In an HTTPS only the handshake is done unencrypted, but even the HTTP GET/POST query's are done encrypted.

It is however impossible to hide to what server you are connecting, since he can see your packets he can see the IP address to where your packets go. If you want to hide this too you can use a proxy (though the hacker would know that you are sending to a proxy, but not where your packets go afterwards).

like image 30
orlp Avatar answered Sep 22 '22 00:09

orlp
Sign in to Comment

Related questions

Getting the actual (absolute) execution time of the last query in PHP (excluding network latency etc)
MYSQL Select to file
How do i get a transparent background after rotaing a png image with php?
PHP: Short id like Youtube, with salt
PyroCMS helper documentation
Why does is_array() return false?
how to write Regular Expression in MySQL select queries?
Object orientated strings / numbers in PHP?
PHP - highlight text from a string containing HTML
wrong symbol exported in fpdf... ñ as ñ ..?
How to extract a substring from a string in PHP until it reaches a certain character?
Defining namespaces in phpDoc syntax
Need a simple ORM or DBAL for existing PHP app
Session Share Across Multiple Domains On Same Server
CodeIgniter MySQL query not working
trim() function : How to avoid empty string return if the argument is unset/null variable?
how to remove comma white space during explode and replace?
MVC PHP - Sending mail from Model
Php read file contents of network share file
How do I group same array value

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!